diff options
Diffstat (limited to 'conf/CA')
-rw-r--r-- | conf/CA/clean.sh | 2 | ||||
-rw-r--r-- | conf/CA/manual.sh | 5 | ||||
-rw-r--r-- | conf/CA/p12.sh | 5 |
3 files changed, 6 insertions, 6 deletions
diff --git a/conf/CA/clean.sh b/conf/CA/clean.sh index 3df61082..593a0a6c 100644 --- a/conf/CA/clean.sh +++ b/conf/CA/clean.sh @@ -1 +1 @@ -rm -Rf private certs newcerts index* serial* intermediateCAs +rm -Rf private certs newcerts index* serial* intermediate.serial intermediate_* diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh index bb891759..eb391591 100644 --- a/conf/CA/manual.sh +++ b/conf/CA/manual.sh @@ -35,7 +35,7 @@ EOF chmod 400 private/$FQI.key SIGN_IT=true else - echo openssl req -newkey rsa:4096 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"' + echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"' echo chmod 400 $FQI.key echo "# All done, print result" echo openssl req -verify -text -noout -in $FQI.csr @@ -46,7 +46,8 @@ if [ "$SIGN_IT" = "true" ]; then # Sign it openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \ -cert certs/ca.crt -keyfile private/ca.key \ - -policy policy_loose \ + -policy policy_loose \ + -days 360 \ -infiles $FQI.csr fi diff --git a/conf/CA/p12.sh b/conf/CA/p12.sh index f490b187..53184e2f 100644 --- a/conf/CA/p12.sh +++ b/conf/CA/p12.sh @@ -12,9 +12,8 @@ fi # Add Cert AND Intermediate CAs (Clients will have Root CAs (or not)) cat $MACH.crt > $MACH.chain - for CA in `ls intermediateCAs`; do - cat "intermediateCAs/$CA" >> $MACH.chain - done + # Add THIS Intermediate CA into chain + cat "certs/ca.crt" >> $MACH.chain # Make a pkcs12 keystore, a jks keystore and a pem keystore rm -f $MACH.p12 |